<!DOCTYPE html>
<html lang="zh-CN">
<head>
  <meta charset="UTF-8">
<meta name="viewport" content="width=device-width">
<meta name="theme-color" content="#000"><meta name="generator" content="Hexo 7.3.0">


  <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png">
  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png">
  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png">
  <link rel="mask-icon" href="/images/logo.svg" color="#000">

<link rel="stylesheet" href="/css/main.css">



<link rel="stylesheet" href="https://mirrors.sustech.edu.cn/cdnjs/ajax/libs/font-awesome/6.1.1/css/all.min.css" integrity="sha256-DfWjNxDkM94fVBWx1H5BMMp0Zq7luBlV8QRcSES7s+0=" crossorigin="anonymous">
  <link rel="stylesheet" href="https://mirrors.sustech.edu.cn/cdnjs/ajax/libs/animate.css/3.1.1/animate.min.css" integrity="sha256-PR7ttpcvz8qrF57fur/yAx1qXMFJeJFiA6pSzWi0OIE=" crossorigin="anonymous">
  <link rel="stylesheet" href="https://mirrors.sustech.edu.cn/cdnjs/ajax/libs/pace/1.2.4/themes/blue/pace-theme-minimal.css">
  <script src="https://mirrors.sustech.edu.cn/cdnjs/ajax/libs/pace/1.2.4/pace.min.js" integrity="sha256-gqd7YTjg/BtfqWSwsJOvndl0Bxc8gFImLEkXQT8+qj0=" crossorigin="anonymous"></script>

<script class="next-config" data-name="main" type="application/json">{"hostname":"lm379.cn","root":"/","images":"/images","scheme":"Muse","darkmode":false,"version":"8.12.2","exturl":false,"sidebar":{"position":"right","display":"post","padding":18,"offset":12},"copycode":{"enable":true,"style":"mac"},"bookmark":{"enable":false,"color":"#222","save":"auto"},"mediumzoom":false,"lazyload":false,"pangu":false,"comments":{"style":"tabs","active":null,"storage":true,"lazyload":false,"nav":null},"stickytabs":false,"motion":{"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"fadeInDown","post_body":"fadeInDown","coll_header":"fadeInLeft","sidebar":"fadeInUp"}},"i18n":{"placeholder":"搜索...","empty":"没有找到任何搜索结果：${query}","hits_time":"找到 ${hits} 个搜索结果（用时 ${time} 毫秒）","hits":"找到 ${hits} 个搜索结果"},"path":"/search.xml","localsearch":{"enable":true,"trigger":"auto","top_n_per_article":1,"unescape":false,"preload":true}}</script><script src="https://mirrors.sustech.edu.cn/cdnjs/ajax/libs/hexo-theme-next/8.12.2/config.min.js"></script>

    <meta name="description" content="本文基于我在知乎问题&quot;个人小网站是怎么防止网站被攻击的?&quot;下的回答进行修改">
<meta property="og:type" content="article">
<meta property="og:title" content="个人的网站防护分享">
<meta property="og:url" content="https://lm379.cn/2024/08/27/%E4%B8%AA%E4%BA%BA%E7%9A%84%E7%BD%91%E7%AB%99%E9%98%B2%E6%8A%A4%E5%88%86%E4%BA%AB/index.html">
<meta property="og:site_name" content="lm379のBlog">
<meta property="og:description" content="本文基于我在知乎问题&quot;个人小网站是怎么防止网站被攻击的?&quot;下的回答进行修改">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://r2.lm379.cn/2024/08/75134d7a82a9f305c2a391d704030764.png">
<meta property="og:image" content="https://r2.lm379.cn/2024/08/7067547e8de85cc8c4a6c98ef7bf06d4.png">
<meta property="og:image" content="https://r2.lm379.cn/2024/08/176b8ae85b2b01df114520feb1505caa.png">
<meta property="og:image" content="https://r2.lm379.cn/2024/08/d4995502e9216262d724ddd46f6b453f.png">
<meta property="og:image" content="https://r2.lm379.cn/2024/08/de680bce5c10f35d6c736d9d0576190d.png">
<meta property="og:image" content="https://r2.lm379.cn/2024/08/73a9bf79548f0ac9ba6a119c27034824.png">
<meta property="og:image" content="https://r2.lm379.cn/2024/08/6f9648e73f92c93e6ef7f53559b37d9b.png">
<meta property="og:image" content="https://r2.lm379.cn/2024/08/60bde2774ff3d29970426428307dd3a9.png">
<meta property="og:image" content="https://r2.lm379.cn/2024/08/14db1614e4f7bf2c1d8aefcacf6b2b04.png">
<meta property="og:image" content="https://r2.lm379.cn/2024/08/465f7d5e949451d6275c07d329920432.png">
<meta property="og:image" content="https://r2.lm379.cn/2024/08/3e45f61ddceba071a02bb5d1737dc8ff.png">
<meta property="og:image" content="https://r2.lm379.cn/2024/08/a11a1bdf6fdec197f0ade901a0b15ff0.png">
<meta property="article:published_time" content="2024-08-27T10:42:14.000Z">
<meta property="article:modified_time" content="2024-12-25T17:55:00.000Z">
<meta property="article:author" content="lm379">
<meta property="article:tag" content="cdn">
<meta property="article:tag" content="cloudflare">
<meta property="article:tag" content="waf">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://r2.lm379.cn/2024/08/75134d7a82a9f305c2a391d704030764.png">


<link rel="canonical" href="https://lm379.cn/2024/08/27/%E4%B8%AA%E4%BA%BA%E7%9A%84%E7%BD%91%E7%AB%99%E9%98%B2%E6%8A%A4%E5%88%86%E4%BA%AB/">



<script class="next-config" data-name="page" type="application/json">{"sidebar":"","isHome":false,"isPost":true,"lang":"zh-CN","comments":true,"permalink":"https://lm379.cn/2024/08/27/%E4%B8%AA%E4%BA%BA%E7%9A%84%E7%BD%91%E7%AB%99%E9%98%B2%E6%8A%A4%E5%88%86%E4%BA%AB/","path":"2024/08/27/个人的网站防护分享/","title":"个人的网站防护分享"}</script>

<script class="next-config" data-name="calendar" type="application/json">""</script>
<title>个人的网站防护分享 | lm379のBlog</title>
  



  <script defer src='https://static.cloudflareinsights.com/beacon.min.js' data-cf-beacon='{&quot;token&quot;: &quot;5a58651dc232489989204bf6775afe7a&quot;}'></script>


  <noscript>
    <link rel="stylesheet" href="/css/noscript.css">
  </noscript>
</head>

<body itemscope itemtype="http://schema.org/WebPage" class="use-motion">
  <div class="headband"></div>

  <main class="main">
    <header class="header" itemscope itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-container">
  <div class="site-nav-toggle">
    <div class="toggle" aria-label="切换导航栏" role="button">
        <span class="toggle-line"></span>
        <span class="toggle-line"></span>
        <span class="toggle-line"></span>
    </div>
  </div>

  <div class="site-meta">

    <a href="/" class="brand" rel="start">
      <i class="logo-line"></i>
      <p class="site-title">lm379のBlog</p>
      <i class="logo-line"></i>
    </a>
  </div>

  <div class="site-nav-right">
    <div class="toggle popup-trigger">
        <i class="fa fa-search fa-fw fa-lg"></i>
    </div>
  </div>
</div>



<nav class="site-nav">
  <ul class="main-menu menu"><li class="menu-item menu-item-home"><a href="/" rel="section"><i class="fa fa-home fa-fw"></i>首页</a></li><li class="menu-item menu-item-tags"><a href="/tags/" rel="section"><i class="fa fa-tags fa-fw"></i>标签<span class="badge">44</span></a></li><li class="menu-item menu-item-categories"><a href="/categories/" rel="section"><i class="fa fa-th fa-fw"></i>分类<span class="badge">11</span></a></li><li class="menu-item menu-item-archives"><a href="/archives/" rel="section"><i class="fa fa-archive fa-fw"></i>归档<span class="badge">58</span></a></li><li class="menu-item menu-item-commonweal"><a href="/404/" rel="section"><i class="fa fa-heartbeat fa-fw"></i>公益 404</a></li><li class="menu-item menu-item-about"><a href="/about/" rel="section"><i class="fa fa-user fa-fw"></i>关于</a></li>
      <li class="menu-item menu-item-search">
        <a role="button" class="popup-trigger"><i class="fa fa-search fa-fw"></i>搜索
        </a>
      </li>
  </ul>
</nav>



  <div class="search-pop-overlay">
    <div class="popup search-popup"><div class="search-header">
  <span class="search-icon">
    <i class="fa fa-search"></i>
  </span>
  <div class="search-input-container">
    <input autocomplete="off" autocapitalize="off" maxlength="80"
           placeholder="搜索..." spellcheck="false"
           type="search" class="search-input">
  </div>
  <span class="popup-btn-close" role="button">
    <i class="fa fa-times-circle"></i>
  </span>
</div>
<div class="search-result-container no-result">
  <div class="search-result-icon">
    <i class="fa fa-spinner fa-pulse fa-5x"></i>
  </div>
</div>

    </div>
  </div>

</div>
        
  
  <div class="toggle sidebar-toggle" role="button">
    <span class="toggle-line"></span>
    <span class="toggle-line"></span>
    <span class="toggle-line"></span>
  </div>

  <aside class="sidebar">

    <div class="sidebar-inner sidebar-nav-active sidebar-toc-active">
      <ul class="sidebar-nav">
        <li class="sidebar-nav-toc">
          文章目录
        </li>
        <li class="sidebar-nav-overview">
          站点概览
        </li>
      </ul>

      <div class="sidebar-panel-container">
        <!--noindex-->
        <div class="post-toc-wrap sidebar-panel">
            <div class="post-toc animated"><ol class="nav"><li class="nav-item nav-level-2"><a class="nav-link" href="#1-%E5%8F%8C%E7%BA%BFcdn%E9%9A%90%E8%97%8F%E6%BA%90%E7%AB%99ip"><span class="nav-number">1.</span> <span class="nav-text"> 1. 双线cdn隐藏源站ip</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#2-%E9%98%B2%E7%81%AB%E5%A2%99%E8%AE%BE%E7%BD%AE"><span class="nav-number">2.</span> <span class="nav-text"> 2. 防火墙设置</span></a><ol class="nav-child"><li class="nav-item nav-level-3"><a class="nav-link" href="#%E4%BD%BF%E7%94%A8fail2ban"><span class="nav-number">2.1.</span> <span class="nav-text"> 使用fail2ban</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E4%BF%AE%E6%94%B9%E6%9C%8D%E5%8A%A1%E5%99%A8%E9%98%B2%E7%81%AB%E5%A2%99"><span class="nav-number">2.2.</span> <span class="nav-text"> 修改服务器防火墙</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E5%AE%9E%E6%93%8D%E9%83%A8%E5%88%86"><span class="nav-number">2.3.</span> <span class="nav-text"> 实操部分</span></a></li></ol></li></ol></div>
        </div>
        <!--/noindex-->

        <div class="site-overview-wrap sidebar-panel">
          <div class="site-author site-overview-item animated" itemprop="author" itemscope itemtype="http://schema.org/Person">
    <img class="site-author-image" itemprop="image" alt="lm379"
      src="https://r2.lm379.cn/2024/05/4e267962f6254f01166242c803cd488f.jpg">
  <p class="site-author-name" itemprop="name">lm379</p>
  <div class="site-description" itemprop="description">记录个人的折腾之旅</div>
</div>
<div class="site-state-wrap site-overview-item animated">
  <nav class="site-state">
      <div class="site-state-item site-state-posts">
        <a href="/archives/">
          <span class="site-state-item-count">58</span>
          <span class="site-state-item-name">日志</span>
        </a>
      </div>
      <div class="site-state-item site-state-categories">
          <a href="/categories/">
        <span class="site-state-item-count">11</span>
        <span class="site-state-item-name">分类</span></a>
      </div>
      <div class="site-state-item site-state-tags">
          <a href="/tags/">
        <span class="site-state-item-count">44</span>
        <span class="site-state-item-name">标签</span></a>
      </div>
  </nav>
</div>
  <div class="links-of-author site-overview-item animated">
      <span class="links-of-author-item">
        <a href="https://github.com/lm379" title="GitHub → https:&#x2F;&#x2F;github.com&#x2F;lm379" rel="noopener" target="_blank"><i class="fab fa-github fa-fw"></i>GitHub</a>
      </span>
      <span class="links-of-author-item">
        <a href="mailto:lm379@foxmail.com" title="E-Mail → mailto:lm379@foxmail.com" rel="noopener" target="_blank"><i class="fa fa-envelope fa-fw"></i>E-Mail</a>
      </span>
      <span class="links-of-author-item">
        <a href="https://weibo.com/u/6997206595" title="Weibo → https:&#x2F;&#x2F;weibo.com&#x2F;u&#x2F;6997206595" rel="noopener" target="_blank"><i class="fab fa-weibo fa-fw"></i>Weibo</a>
      </span>
      <span class="links-of-author-item">
        <a href="https://space.bilibili.com/299502822" title="B站 → https:&#x2F;&#x2F;space.bilibili.com&#x2F;299502822" rel="noopener" target="_blank"><i class="fa bilibili fa-fw"></i>B站</a>
      </span>
      <span class="links-of-author-item">
        <a href="https://www.zhihu.com/people/lm379" title="知乎 → https:&#x2F;&#x2F;www.zhihu.com&#x2F;people&#x2F;lm379" rel="noopener" target="_blank"><i class="fa zhihu fa-fw"></i>知乎</a>
      </span>
      <span class="links-of-author-item">
        <a href="http://www.coolapk.com/u/3126124" title="酷安 → http:&#x2F;&#x2F;www.coolapk.com&#x2F;u&#x2F;3126124" rel="noopener" target="_blank"><i class="fa coolapk fa-fw"></i>酷安</a>
      </span>
      <span class="links-of-author-item">
        <a href="https://www.xiaohongshu.com/user/profile/6306019b0000000012001f11" title="小红书 → https:&#x2F;&#x2F;www.xiaohongshu.com&#x2F;user&#x2F;profile&#x2F;6306019b0000000012001f11" rel="noopener" target="_blank"><i class="fa xiaohongshu fa-fw"></i>小红书</a>
      </span>
  </div>


  <div class="links-of-blogroll site-overview-item animated">
    <div class="links-of-blogroll-title"><i class="fa fa-globe fa-fw"></i>
      Links
    </div>
    <ul class="links-of-blogroll-list">
        <li class="links-of-blogroll-item">
          <a href="https://pan.lm379.cn/" title="https:&#x2F;&#x2F;pan.lm379.cn" rel="noopener" target="_blank">OpenList</a>
        </li>
    </ul>
  </div>

        </div>
      </div>
        <div class="back-to-top animated" role="button" aria-label="返回顶部">
          <i class="fa fa-arrow-up"></i>
          <span>0%</span>
        </div>
    </div>
  </aside>
  <div class="sidebar-dimmer"></div>


    </header>

    
  <div class="reading-progress-bar"></div>

<noscript>
  <div class="noscript-warning">Theme NexT works best with JavaScript enabled</div>
</noscript>


    <div class="main-inner post posts-expand">


  


<div class="post-block">
  
  

  <article itemscope itemtype="http://schema.org/Article" class="post-content" lang="zh-CN">
    <link itemprop="mainEntityOfPage" href="https://lm379.cn/2024/08/27/%E4%B8%AA%E4%BA%BA%E7%9A%84%E7%BD%91%E7%AB%99%E9%98%B2%E6%8A%A4%E5%88%86%E4%BA%AB/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="image" content="https://r2.lm379.cn/2024/05/4e267962f6254f01166242c803cd488f.jpg">
      <meta itemprop="name" content="lm379">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="lm379のBlog">
      <meta itemprop="description" content="记录个人的折腾之旅">
    </span>

    <span hidden itemprop="post" itemscope itemtype="http://schema.org/CreativeWork">
      <meta itemprop="name" content="个人的网站防护分享 | lm379のBlog">
      <meta itemprop="description" content="本文基于我在知乎问题"个人小网站是怎么防止网站被攻击的?"下的回答进行修改">
    </span>
      <header class="post-header">
        <h1 class="post-title" itemprop="name headline">
          个人的网站防护分享
        </h1>

        <div class="post-meta-container">
          <div class="post-meta">
    <span class="post-meta-item">
      <span class="post-meta-item-icon">
        <i class="far fa-calendar"></i>
      </span>
      <span class="post-meta-item-text">发表于</span>

      <time title="创建时间：2024-08-27 18:42:14" itemprop="dateCreated datePublished" datetime="2024-08-27T18:42:14+08:00">2024-08-27</time>
    </span>
    <span class="post-meta-item">
      <span class="post-meta-item-icon">
        <i class="far fa-calendar-check"></i>
      </span>
      <span class="post-meta-item-text">更新于</span>
      <time title="修改时间：2024-12-26 01:55:00" itemprop="dateModified" datetime="2024-12-26T01:55:00+08:00">2024-12-26</time>
    </span>

  
    <span class="post-meta-item" title="阅读次数" id="busuanzi_container_page_pv">
      <span class="post-meta-item-icon">
        <i class="far fa-eye"></i>
      </span>
      <span class="post-meta-item-text">阅读次数：</span>
      <span id="busuanzi_value_page_pv"></span>
    </span>
</div>

            <div class="post-description">本文基于我在知乎问题"个人小网站是怎么防止网站被攻击的?"下的回答进行修改</div>
        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">
        <p>本文首发在知乎，链接：<a target="_blank" rel="noopener" href="https://www.zhihu.com/question/558788111/answer/3517971858">https://www.zhihu.com/question/558788111/answer/3517971858</a></p>
<h2 id="1-双线cdn隐藏源站ip"><a class="markdownIt-Anchor" href="#1-双线cdn隐藏源站ip"></a> 1. 双线cdn隐藏源站ip</h2>
<p>服务器腾讯云境内，有两个域名，主域名已备案放<a target="_blank" rel="noopener" href="https://www.dnspod.cn/">dnspod</a>(阿里云也行，假设域名为 <code>example1.com</code> ，平常访问也是这个)，另一个放<a target="_blank" rel="noopener" href="https://cloudflare.com">cloudflare</a>(以下简称cf，假设域名为 <code>example2.com</code> )，这是前置条件</p>
<blockquote>
<p>如果没有第二个域名，可以去白嫖 <code>cloudns</code> ，<code>eu.org</code> 这种能迁移到cf的二级域名</p>
</blockquote>
<p>购买腾讯云境内地区cdn流量包(主要是腾讯便宜，一二十块钱就能买一年 100G 的流量，阿里云华为云cdn最低是 500G，就要贵一些，这个看自己的选择)直接做cdn加速，根据自己的实际情况配置cc防御，用量封顶等规则，这步比较常规</p>
<p><img src="https://r2.lm379.cn/2024/08/75134d7a82a9f305c2a391d704030764.png" alt="" /></p>
<p>另一个域名去Cloudflare添加一条A记录指向服务器IP，开启小云朵(用作回退源，后面以 <code>cname.example2.com</code> 为例)</p>
<p><img src="https://r2.lm379.cn/2024/08/7067547e8de85cc8c4a6c98ef7bf06d4.png" alt="" /></p>
<p>找到 <code>SSL/TLS</code> -自定义主机名，把  <code>SaaS</code> 启用(需要验证 Paypal ，直接用银联卡绑定 Paypal 就能过，不需要花钱)</p>
<p><img src="https://r2.lm379.cn/2024/08/176b8ae85b2b01df114520feb1505caa.png" alt="" /></p>
<p>然后新建一个回退源(假设为 <code>cname.example2.com</code> )，等回退源可用后添加自定义主机名，添加的网站就是你的主站(比如 <code>www.example1.com</code> , <code>blog.example1.com</code> 等等)，根据提示回到dnspod添加两条txt解析用于签发SSL证书</p>
<p><img src="https://r2.lm379.cn/2024/08/d4995502e9216262d724ddd46f6b453f.png" alt="" /></p>
<p>下面我以你的网站是 <code>blog.example1.com</code> 为例</p>
<blockquote>
<p>注意这里有个坑，假如你添加的自定义主机名为 <code>blog.example1.com</code> ，你的txt记录值需要把后面的 <code>example1.com</code> 去掉</p>
</blockquote>
<p>就像这样(两条都要哦)：<code>_cf-custom-hostname.blog</code></p>
<p>等cf那边证书状态和主机名状态都变成有效之后，点击 <code>SSL/TLS</code> 概述，把加密模式改成<strong>完全</strong>(重要!!!否则网站打不开)</p>
<p><img src="https://r2.lm379.cn/2024/08/de680bce5c10f35d6c736d9d0576190d.png" alt="" /></p>
<p><img src="https://r2.lm379.cn/2024/08/73a9bf79548f0ac9ba6a119c27034824.png" alt="" /></p>
<p>回到dnspod添加一个 <code>cname</code> 解析，记录名称为 <code>blog</code>，线路选择境外，记录 <code>cname.example2.com</code></p>
<blockquote>
<p>如果不使用境内CDN，全站用Cloudflare，则需要进行优选，或者使用第三方的优选域名等</p>
</blockquote>
<p>这样你的网站就会接入腾讯云+cloudflare两个cdn，并且境外的流量由cf来抗</p>
<p>我这个方案是考虑到cf在境内糟糕的体验加上服务器位于境内才这么做的。兼顾了境内和境外区域的访问体验，如果你不在乎cf到底是加速还是减速，建议直接把域名的ns改到cf，由cf提供dns解析就能直接有cf的cdn了</p>
<blockquote>
<p>全部使用cf或者腾讯云的cdn都有弊端，前者大陆区域访问体验很差，后者流量包太少不够攻击者挥霍，而且据我所知攻击者用境外ip攻击的概率会比较大</p>
</blockquote>
<p>访问的时候ip来自境内会被dns分流到腾讯云cdn，境外就是cloudflare</p>
<p>但是假如你在境内，使用了  <code>1.1.1.1</code> 这种境外公共dns，<strong>全部</strong>流量都会直接走cf，这点需要注意，详情看<a  href="/2022/10/01/lm379-s-blog/">这篇文章</a></p>
<p>下面是效果图，测试结果来自<a target="_blank" rel="noopener" href="https://itdog.cn/">itdog.cn</a></p>
<p><img src="https://r2.lm379.cn/2024/08/6f9648e73f92c93e6ef7f53559b37d9b.png" alt="" /></p>
<h2 id="2-防火墙设置"><a class="markdownIt-Anchor" href="#2-防火墙设置"></a> 2. 防火墙设置</h2>
<h3 id="使用fail2ban"><a class="markdownIt-Anchor" href="#使用fail2ban"></a> 使用fail2ban</h3>
<p>如果使用了宝塔面板，可以直接去应用商店搜索Fail2ban，有图形化界面配置端口防扫描和防止ssh爆破<br />
不喜欢宝塔的人也可以直接通过命令安装，以ubuntu为例</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">sudo</span> apt-get install fail2ban</span><br></pre></td></tr></table></figure>
<p>然后复制配置并修改</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cd</span> /etc/fail2ban</span><br><span class="line"><span class="comment">## 复制默认配置</span></span><br><span class="line"><span class="built_in">sudo</span> <span class="built_in">cp</span> fail2ban.conf fail2ban.local</span><br><span class="line"><span class="built_in">sudo</span> <span class="built_in">cp</span> jail.conf jail.local</span><br><span class="line">nano jail.local</span><br></pre></td></tr></table></figure>
<h3 id="修改服务器防火墙"><a class="markdownIt-Anchor" href="#修改服务器防火墙"></a> 修改服务器防火墙</h3>
<p>如果使用了有安全组的云服务商（如阿里云腾讯云），可以前往控制台安全组的位置，放通你常用的网络的IP段</p>
<p>什么意思呢?（下面的看不懂可以直接跳过看实操）</p>
<p>你可以先去 <a target="_blank" rel="noopener" href="https://ipw.cn">https://ipw.cn</a> 这个网站查询到你本地或者区域的公网ipv4地址，运营商一般会分配一个或者两个/24的ip段给你所在的区域使用，因为家里路由器光猫等设备重启后ip基本都会变动，但是这个ip段是不变的，所以像ssh端口，面板管理端口这些高危端口我们只需要放通这个ip段即可，这样安全组就能帮你拦截大部分端口扫描</p>
<p>就算你向运营商要不到公网ip也没关系，反正你所在的区域都是这个ip段，私网和公网都一样，包括手机流量也是一样的</p>
<h3 id="实操部分"><a class="markdownIt-Anchor" href="#实操部分"></a> 实操部分</h3>
<p>先去下面这个网站获取你的公网ipv4地址</p>
<p><a target="_blank" rel="noopener" href="https://ipw.cn/">https://ipw.cn/</a></p>
<blockquote>
<p>ipv6防火墙也是类似的</p>
</blockquote>
<p>假设你的ip是 <code>114.51.41.91</code>，那么ssh端口就放通 <code>114.51.41.0/24</code> 这个段</p>
<p><img src="https://r2.lm379.cn/2024/08/60bde2774ff3d29970426428307dd3a9.png" alt="此图片仅供娱乐" /></p>
<p><img src="https://r2.lm379.cn/2024/08/14db1614e4f7bf2c1d8aefcacf6b2b04.png" alt="" /></p>
<blockquote>
<p>当然实际用的时候建议将服务器22端口修改为别的</p>
</blockquote>
<p>另外将ping直接拒绝</p>
<p><img src="https://r2.lm379.cn/2024/08/465f7d5e949451d6275c07d329920432.png" alt="" /></p>
<p>因为我服务器只有web服务，所以来源全部的仅保留 <code>80</code> 和 <code>443</code> 两个端口，其他的web服务全部通过 <code>nginx</code> 转发</p>
<p>问题来了，在其他端口都没放通的情况下，我想在访问服务器上配置的MySQL等服务，应该怎么做呢</p>
<blockquote>
<p>答案就是通过SSH转发</p>
</blockquote>
<p>比如转发MySQL默认3306端口的命令格式如下</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ssh -N -L 3306:127.0.0.1:3306 [USER]@[HOST]</span><br></pre></td></tr></table></figure>
<p>这段命令表示将本地的 <code>3306</code> 端口转发到服务器的 <code>3306</code> 端口，后面的 <code>user </code>和 <code>host</code> 分别表示用于ssh连接的用户名和远程主机ip</p>
<blockquote>
<p>如果你修改了SSH端口，也需要添加 <code>-p</code>参数来指定ssh端口</p>
</blockquote>
<p>这样你就可以在本地通过 SSH 隧道连接到服务器上的 <code>MySQL</code>，其他服务同理，只需要修改 <code>127.0.0.1</code> 前后的端口即可</p>
<p>如果你使用的是 <code>Navicat</code> 连接数据库，<code>Navicat</code> 内置了 <code>ssh</code> 隧道连接数据库的功能，就不需要单独用SSH命令开隧道</p>
<p><img src="https://r2.lm379.cn/2024/08/3e45f61ddceba071a02bb5d1737dc8ff.png" alt="" /></p>
<p><img src="https://r2.lm379.cn/2024/08/a11a1bdf6fdec197f0ade901a0b15ff0.png" alt="" /></p>
<p>这样一番操作下来，Cloudflare为你抗下了大部分海外的攻击，境内cdn再抗一些，云服务商再帮你拦截掉非本ip段的端口扫描，除非运气好碰上有跟你同一个段的人在爆破你的SSH或者端口，否则全部都扫不出来，应该能防下挺多攻击了吧？</p>
<p>除此之外还可以部署一些WAF项目，比如开源的雷池WAF社区版</p>
<p>Github: <a target="_blank" rel="noopener" href="https://github.com/chaitin/safeline">chaitin/SafeLine: serve as a reverse proxy to protect your web services from attacks and exploits. (github.com)</a></p>
<p>官方文档: <a target="_blank" rel="noopener" href="https://waf-ce.chaitin.cn/">雷池 WAF 社区版 | 下一代 Web 应用防火墙 | 免费使用 (chaitin.cn)</a></p>

    </div>

    
    
    

    <footer class="post-footer">
          <div class="reward-container">
  <div>打赏</div>
  <button>
    赞赏
  </button>
  <div class="post-reward">
      <div>
        <img src="https://r2.lm379.cn/2024/04/f597f96be857f5d530a787c8b81731da.jpg" alt="lm379 支付宝">
        <span>支付宝</span>
      </div>

  </div>
</div>

          <div class="post-tags">
              <a href="/tags/cdn/" rel="tag"><i class="fa fa-tag"></i> cdn</a>
              <a href="/tags/cloudflare/" rel="tag"><i class="fa fa-tag"></i> cloudflare</a>
              <a href="/tags/waf/" rel="tag"><i class="fa fa-tag"></i> waf</a>
          </div>

        

          <div class="post-nav">
            <div class="post-nav-item">
                <a href="/2024/08/15/%E7%8E%A9%E5%AE%A2%E4%BA%91%E5%88%B7%E5%85%A5openwrt%E7%B3%BB%E7%BB%9F/" rel="prev" title="玩客云刷入openwrt系统">
                  <i class="fa fa-chevron-left"></i> 玩客云刷入openwrt系统
                </a>
            </div>
            <div class="post-nav-item">
                <a href="/2024/08/28/%E7%8E%A9%E5%AE%A2%E4%BA%91armbian%E7%B3%BB%E7%BB%9F%E5%9F%BA%E4%BA%8Ezerotier%E5%AE%9E%E7%8E%B0%E5%BC%82%E5%9C%B0%E7%BB%84%E7%BD%91/" rel="next" title="玩客云armbian系统基于zerotier实现异地组网">
                  玩客云armbian系统基于zerotier实现异地组网 <i class="fa fa-chevron-right"></i>
                </a>
            </div>
          </div>
    </footer>
  </article>
</div>






    
  
  <div class="comments giscus-container">
  </div>
  
  
</div>
  </main>

  <footer class="footer">
    <div class="footer-inner">

  <div class="beian"><a href="https://beian.miit.gov.cn/" rel="noopener" target="_blank">蜀ICP备2022016740号-1 </a>
  </div>

<div class="copyright">
  &copy; 2022 – 
  <span itemprop="copyrightYear">2025</span>
  <span class="with-love">
    <i class="fa fa-heart"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">lm379. All Rights Reserved.</span>
</div>
<div class="busuanzi-count">
    <span class="post-meta-item" id="busuanzi_container_site_uv">
      <span class="post-meta-item-icon">
        <i class="fa fa-user"></i>
      </span>
      <span class="site-uv" title="总访客量">
        <span id="busuanzi_value_site_uv"></span>
      </span>
    </span>
    <span class="post-meta-item" id="busuanzi_container_site_pv">
      <span class="post-meta-item-icon">
        <i class="fa fa-eye"></i>
      </span>
      <span class="site-pv" title="总访问量">
        <span id="busuanzi_value_site_pv"></span>
      </span>
    </span>
</div>

    </div>
  </footer>

  
  <script src="https://mirrors.sustech.edu.cn/cdnjs/ajax/libs/animejs/3.2.1/anime.min.js" integrity="sha256-XL2inqUJaslATFnHdJOi9GfQ60on8Wx1C2H8DYiN1xY=" crossorigin="anonymous"></script>
<script src="https://mirrors.sustech.edu.cn/cdnjs/ajax/libs/hexo-theme-next/8.12.2/comments.min.js"></script><script src="https://mirrors.sustech.edu.cn/cdnjs/ajax/libs/hexo-theme-next/8.12.2/utils.min.js"></script><script src="https://mirrors.sustech.edu.cn/cdnjs/ajax/libs/hexo-theme-next/8.12.2/motion.min.js"></script><script src="https://mirrors.sustech.edu.cn/cdnjs/ajax/libs/hexo-theme-next/8.12.2/schemes/muse.min.js"></script><script src="https://mirrors.sustech.edu.cn/cdnjs/ajax/libs/hexo-theme-next/8.12.2/next-boot.min.js"></script>

  
<script src="https://mirrors.sustech.edu.cn/cdnjs/ajax/libs/hexo-generator-searchdb/1.4.0/search.js" integrity="sha256-vXZMYLEqsROAXkEw93GGIvaB2ab+QW6w3+1ahD9nXXA=" crossorigin="anonymous"></script>
<script src="https://mirrors.sustech.edu.cn/cdnjs/ajax/libs/hexo-theme-next/8.12.2/third-party/search/local-search.min.js"></script>




  <script src="https://mirrors.sustech.edu.cn/cdnjs/ajax/libs/hexo-theme-next/8.12.2/third-party/pace.min.js"></script>

  
  <script async src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script>




  

  <script class="next-config" data-name="enableMath" type="application/json">true</script><link rel="stylesheet" href="https://mirrors.sustech.edu.cn/cdnjs/ajax/libs/KaTeX/0.16.0/katex.min.css" integrity="sha256-uik/hNqHWZldXh/0K35nqOSCff9F61/ZOFReqNOBgB0=" crossorigin="anonymous">
  <script class="next-config" data-name="katex" type="application/json">{"copy_tex_js":{"url":"https://mirrors.sustech.edu.cn/cdnjs/ajax/libs/KaTeX/0.16.0/contrib/copy-tex.min.js","integrity":"sha256-Us54+rSGDSTvIhKKUs4kygE2ipA0RXpWWh0/zLqw3bs="}}</script>
  <script src="https://mirrors.sustech.edu.cn/cdnjs/ajax/libs/hexo-theme-next/8.12.2/third-party/math/katex.min.js"></script>


<script class="next-config" data-name="giscus" type="application/json">{"enable":true,"repo":"lm379/lm379.github.io","repo_id":"R_kgDOHoD2KA","category":"Announcements","category_id":"DIC_kwDOHoD2KM4CgEIm","mapping":"title","strict":0,"reactions_enabled":1,"emit_metadata":0,"theme":"light_tritanopia","lang":"zh-CN","crossorigin":"anonymous","input_position":"top","loading":"lazy"}</script>

<script>
document.addEventListener('page:loaded', () => {
  if (!CONFIG.page.comments) return;

  NexT.utils.loadComments('.giscus-container')
    .then(() => NexT.utils.getScript('https://giscus.app/client.js', {
      attributes: {
        async                   : true,
        crossOrigin             : 'anonymous',
        'data-repo'             : CONFIG.giscus.repo,
        'data-repo-id'          : CONFIG.giscus.repo_id,
        'data-category'         : CONFIG.giscus.category,
        'data-category-id'      : CONFIG.giscus.category_id,
        'data-mapping'          : CONFIG.giscus.mapping,
        'data-strict'           : CONFIG.giscus.strict,
        'data-reactions-enabled': CONFIG.giscus.reactions_enabled,
        'data-emit-metadata'    : CONFIG.giscus.emit_metadata,
        'data-theme'            : CONFIG.giscus.theme,
        'data-lang'             : CONFIG.giscus.lang,
        'data-input-position'   : CONFIG.giscus.input_position,
        'data-loading'          : CONFIG.giscus.loading
      },
      parentNode: document.querySelector('.giscus-container')
    }));
});
</script>


  <link rel="stylesheet" href="/dist/APlayer.min.css">
  <div id="aplayer"></div>
  <script type="text/javascript" src="/dist/APlayer.min.js"></script>
  <script type="text/javascript" src="/dist/music.js"></script>  

  <script type="text/javascript" src="\js\FunnyTitle.js"></script>

</body>
</html>
